[KAZ-SIGN OFFICIAL]
937 views
Skip to first unread message
MUHAMMAD REZAL BIN KAMEL ARIFFIN / FS
Mar 15, 2024, 7:17:48 AMMar 15
to pqc-...@list.nist.gov
Dear all,
KAZ Team thanks anonymous input regarding some missing information in the specification document outlining KAZ-SIGN version 1.5, released on Feb 2, 2024.
Namely,
- During key generation, there is missing information. The parameter \alpha is a prime.
- Steps 3,4,5 during signing is not updated. It should be h=nextprime(H(m||salt)).
The reference implementation is correct. Both:
- Choosing \alpha as a prime,
- Computing h=nextprime(H(m||salt)) is conducted during signing
are executed in KAZ-SIGN v1.5 reference implementaiton. Hence, no changes are needed on the KAZ-SIGN v1.5 C codes released on Feb 2, 2024.
We thank the anonymous individual that scrutinized the reference implementation against the specification document.
We label the updated specification document with these changes as KAZ-SIGN v1.5.1.
The write-up can be accessed at the following link https://www.antrapol.com/KAZ-SIGN
All comments are welcomed.
Best wishes
KAZ-Team
March 15, 2024
MUHAMMAD REZAL BIN KAMEL ARIFFIN / FS
Apr 7, 2024, 6:03:11 AMApr 7
to pqc-...@list.nist.gov
Dear all,
We put forward KAZ-SIGN v1.6. We would like to thank discussion opportunities with Kai Chieh Chang (Jay) and the team at Phison Architecture Design Department which triggered discussions that lead towards version 1.6, that resulted in reduced number of steps for KAZ-SIGN key gen, sign and verify algorithms.
We put forward KAZ-SIGN v1.6. We would like to thank discussion opportunities with Kai Chieh Chang (Jay) and the team at Phison Architecture Design Department which triggered discussions that lead towards version 1.6, that resulted in reduced number of steps for KAZ-SIGN key gen, sign and verify algorithms.
KAZ-SIGN v1.6 can be accessed at https://antrapol.com/KAZ-SIGN
All comments are welcomed.
Best wishes
KAZ-Team
April 7, 2024
MUHAMMAD REZAL BIN KAMEL ARIFFIN / FS
May 7, 2024, 12:32:39 AMMay 7
to pqc-...@list.nist.gov
Technical changes upon v1.6 is as follows:
1) Redefined V1≡α mod GRgq to V1≡α mod GRg, where R^(GRg )≡1 mod Gg, ϕ(N)≡0 mod Gg and g^(Gg )≡1 mod N.
1) Redefined V1≡α mod GRgq to V1≡α mod GRg, where R^(GRg )≡1 mod Gg, ϕ(N)≡0 mod Gg and g^(Gg )≡1 mod N.
2) Provided an efficient algorithm to replace the iterative Chinese Remainder Theorem procedure during verification.
The above changes have reduced the length of parameters in KAZ-SIGN as well as resulted in faster execution.
Furthermore, we welcome our new co-author Kai Chieh Chang (Jay) from the Architecture Design Department, Phison Electronics Corporation, Taiwan. Jay has contributed from v1.6 to v1.6.1.
All comments are welcomed.
Best wishes
KAZ-Team
May 7, 2024
MUHAMMAD REZAL BIN KAMEL ARIFFIN / FS
Jun 21, 2024, 1:03:59 PMJun 21
to pqc-...@list.nist.gov
Dear all,
We put forward KAZ-SIGN v1.6.2. Technical changes upon v1.6.1 is as follows:
1) Instead of choosing α as prime, we now choose α as a random even number.
2) The choice of α in generating the public verification key-1 V1≡α mod GRg, is chosen such that the Modular Reduction Problem to determine the modular reduction value t=(α-V1)/GRg would depend solely on the size of GRg.
3) Instead of generating h=nextprime(H(m)), we now generate h=H(m).
4) The final procedure during verification is no longer a three-tier modular exponentiation process. It is now a two-tier modular exponentiation process.
We also have updated our editorial by renaming:
1) Gg as G0
2) GRg as G1
This is to reflect the role of these parameters in v1.6.2. G0 is no longer referring to the order of g in Z_N. G1 is no longer referring to the order of R in the order of Z_G0. Nevertheless, we have dedicated section 7.3.1 and 7.3.2 to synergize previous understanding of these parameters within the new roles of these parameters.
We have also excluded the iterative CRT procedure during verification. Section 9 in this write-up is dedicated to discuss this decision.
We put forward KAZ-SIGN v1.6.2. Technical changes upon v1.6.1 is as follows:
1) Instead of choosing α as prime, we now choose α as a random even number.
2) The choice of α in generating the public verification key-1 V1≡α mod GRg, is chosen such that the Modular Reduction Problem to determine the modular reduction value t=(α-V1)/GRg would depend solely on the size of GRg.
3) Instead of generating h=nextprime(H(m)), we now generate h=H(m).
4) The final procedure during verification is no longer a three-tier modular exponentiation process. It is now a two-tier modular exponentiation process.
We also have updated our editorial by renaming:
1) Gg as G0
2) GRg as G1
This is to reflect the role of these parameters in v1.6.2. G0 is no longer referring to the order of g in Z_N. G1 is no longer referring to the order of R in the order of Z_G0. Nevertheless, we have dedicated section 7.3.1 and 7.3.2 to synergize previous understanding of these parameters within the new roles of these parameters.
We have also excluded the iterative CRT procedure during verification. Section 9 in this write-up is dedicated to discuss this decision.
The above changes have reduced the length of parameters in KAZ-SIGN as well as resulted in faster execution.
The specification document and Reference & Optimized Implementation (KAT included) can be obtained at https://antrapol.com/KAZ-SIGN.
All comments are welcomed.
Best wishes
KAZ-Team
June 21, 2024
MUHAMMAD REZAL BIN KAMEL ARIFFIN / FS
Jul 9, 2024, 7:24:50 PM (13 days ago) Jul 9
to pqc-...@list.nist.gov
Dear all,
KAZ-Team found the following in our KAZ-SIGN v1.6.2 write-up:
It states: w3 = (S mod G1qQ) -SF2
It should be: w3 = (S mod G1qQ/e) -SF2 where e=gcd(G1,Q).
We have corrected this mistake.
KAZ-SIGN v1.6.3 Specification and Reference Implementation (KAT included) is available at https://www.antrapol.com/KAZ-SIGN
KAZ-Team found the following in our KAZ-SIGN v1.6.2 write-up:
It states: w3 = (S mod G1qQ) -SF2
It should be: w3 = (S mod G1qQ/e) -SF2 where e=gcd(G1,Q).
We have corrected this mistake.
KAZ-SIGN v1.6.3 Specification and Reference Implementation (KAT included) is available at https://www.antrapol.com/KAZ-SIGN
All comments are welcomed.
Best wishes
KAZ-Team
July 9, 2024
Reply all
Reply to author
Forward
0 new messages